Using PowerShell to Search for Specific Users in Active Directory without Knowing their Exact Information

You’re looking for a user in your Active Directory environment who goes by the nickname of “JW”. You know that’s the user’s initials and you need to find their AD user account.

Typically you’d use the Identity parameter, but that parameter doesn’t allow wildcards:

PowerShell

1

Get-ADUser-Identityj*w*

Verifying wildcard’s are not allowed on the Identity parameter of Get-ADUser:

PowerShell

1

help Get-ADUser-Parameteridentity

What you’ll need to do is use the Filter parameter instead:

PowerShell

1

Get-ADUser-Filter{name-like'j*w*'}

The previous results were close to what you wanted, but not exactly. It included users like “Jo Brown” since his name also matches the search criteria that was provided. This time let’s try a compound filter and specify GivenName’s that start with “J” and Surname’s that start with “W”:

PowerShell

1

Get-ADUser-Filter{GivenName-like'j*'-andSurname-like'W*'}

The previous example is much, much better than using the Where-Object cmdlet to filter with since the previous example follows the best practice of filtering early or filtering left.

As you can see in the previous results, the example that used the Filter parameter took about 12 milliseconds to complete and the example that used the Where-Object cmdlet for the filtering took approximately 310 milliseconds to complete. There are a total of 305 Active Directory user accounts in the test environment that these examples were run against. The performance of the Where-Object example would be worse if more Active Directory user accounts existed in the environment.

The examples shown in this blog have been demonstrated on a Windows 8.1 client machine with the RSAT (Remote Server Administration Tools) installed. The client machine is part of a domain and the domain controllers are running Windows Server 2012 R2.

My Speaking Engagements

User Groups

Disclaimer

All data and information provided on this site is for informational purposes only. Mike F Robbins (mikefrobbins.com) makes no representations as to accuracy, completeness, currentness, suitability, or validity of any information on this site and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use. All information is provided on an as-is basis.